package com.hxy.hrm.config;

import com.hxy.hrm.handler.DefaultAccessDeniedHandler;
import com.hxy.hrm.handler.MyAuthenticationFailureHandler;
import com.hxy.hrm.handler.MyAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.sql.DataSource;

@Configuration
//开启web安全配置
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    //密码编码器：不加密
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Autowired
    private MyAuthenticationSuccessHandler successHandler;
    @Autowired
    private MyAuthenticationFailureHandler failureHandler;
    @Autowired
    private DefaultAccessDeniedHandler accessDeniedHandler;
    @Autowired
    private PersistentTokenRepository repository;
    @Autowired
    private UserDetailsService userDetailsService;


    //授权规则配置
    @Override //http安全配置
    protected void configure(HttpSecurity http) throws Exception {
        //授权配置
        http.authorizeRequests()
                //登录路径放行
                .antMatchers("/login").permitAll()
                //登录页面放行
                .antMatchers("/login.html").permitAll()
                .anyRequest().authenticated()//其他路径都要认证之后才能访问
                .and().formLogin()//允许表单登录
                // 设置登陆成功页
                //.successForwardUrl("/loginSuccess")
                //登录成功json数据返回
                .successHandler(successHandler)
                .failureHandler(failureHandler)
                //没有登录跳转的页面
                .loginPage("/login.html")
                //登录处理地址
                .loginProcessingUrl("/login")
                //登出路径放行 /logout
                .and().logout().permitAll()
                //关闭跨域伪造检查
                .and().csrf().disable();
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
        //记住我
        http.rememberMe().tokenRepository(repository).tokenValiditySeconds(3600)
                .userDetailsService(userDetailsService);
    }



    //记住我功能实现配置如下：
    @Bean
    public PersistentTokenRepository repository() {
        JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
        //要访问数据库必须设置数据源
        repository.setDataSource(dataSource());
        //自动创建表persistent_logins
        repository.setCreateTableOnStartup(true);
        return repository;
    }

    @Bean
    //主数据源
    @Primary
    @ConfigurationProperties("spring.datasource1")
    public DataSource dataSource() {
        return DataSourceBuilder.create().build();
    }

}